Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of performing remediation for managing vulnerabilities in an application, the method comprising: receiving, by a processor of a remediation system, data related to one or more source code associated with a plurality of vulnerabilities and a target source code of an application, from one or more data sources for generating a remediation workflow for the one or more source code; identifying, by the processor of the remediation system, a commit-log comprising a plurality of code commits for the plurality of vulnerabilities of the one or more source code, wherein the identification comprises: extracting, by the processor of the remediation system, one or more features associated with each code commit of the commit-log from the one or more data sources; and extracting, by the processor of the remediation system, one or more test cases for each code commit based on the one or more features and exploit code associated with each code commit from the one or more data sources; generating, by the processor of the remediation system, scripts for a traversal path between the one or more source code to the target source code based on the remediation workflow, by populating the one or more features associated with each code commit with a corresponding test case; determining, by the processor of the remediation system, a lower bound limit and an upper bound limit in the traversal path to identify one or more optimal code commits log from the commit-log based on the extracted one or more test cases; and performing, by the processor of the remediation system, remediation for the one or more source code by generating one or more security patches for the one or more optimal code commits log based on criteria associated with the plurality of vulnerabilities of the one or more source code.
2. The method as claimed in claim 1, wherein the data comprises vulnerability data and configuration data related to the one or more source code and the target source code.
3. The method as claimed in claim 1, wherein the one or more data sources comprises a plurality of databases.
4. The method as claimed in claim 1, wherein determining the lower bound limit and the upper bound limit in the traversal path comprises: identifying, by the processor of the remediation system, the lower bound limit by traversing from the one or more source code to the target source code and eliminating one or more code commits from the commit-log based on failure of exploit test cases associated with the one or more code commits; and identifying, by the processor of the remediation system, the upper bound limit by traversing from the target source code to the one or more source code and eliminating features of the target source code based on failure of test cases related to the features.
5. The method as claimed in claim 1, wherein the criteria are determined by: obtaining, by the processor of the remediation system, one or more exploit test cases associated with the one or more optimal code commits log from the one or more data sources; and determining, by the processor of the remediation system, the criteria based on the one or more exploit test cases, wherein the criteria comprise a criticality value and a code coverage value for the plurality of vulnerabilities of the one or more source code.
6. The method as claimed in claim 1, wherein generating the one or more security patches comprises: identifying, by the processor of the remediation system, a weakness pattern between the one or more source code and the target source code based on weakness information of the one or more source code obtained from the one or more data sources; extracting, by the processor of the remediation system, information associated with the weakness pattern from the one or more data sources; and generating, by the processor of the remediation system, the one or more security patches for the one or more optimal code commits log based on the weakness pattern and the corresponding information.
7. The method as claimed in claim 1 further comprising: validating, by the processor of the remediation system, the one or more security patches by executing the one or more security patches for the one or more optimal code commits log.
8. A remediation system of performing remediation for managing vulnerabilities in an application, comprising: a processor; and a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to: receive data related to one or more source code associated with a plurality of vulnerabilities and a target source code of an application, from one or more data sources for generating a remediation workflow for the one or more source code; identify a commit-log comprising a plurality of code commits for the plurality of vulnerabilities of the one or more source code, wherein the identification comprises: extracting one or more features associated with each code commit of the commit-log from the one or more data sources; and extracting one or more test cases for each code commit based on the one or more features and exploit code associated with each code commit from the one or more data sources; generate scripts for a traversal path between the one or more source code to the target source code based on the remediation workflow, by populating the one or more features associated with each code commit with a corresponding test case; determine a lower bound limit and an upper bound limit in the traversal path to identify one or more optimal code commits log from the commit-log based on the extracted one or more test cases; and perform remediation for the one or more source code by generating one or more security patches for the one or more optimal code commits log based on criteria associated with the plurality of vulnerabilities of the one or more source code.
9. The remediation system as claimed in claim 8, wherein the data comprises vulnerability data and configuration data related to the one or more source code and the target source code.
10. The remediation system as claimed in claim 8, wherein the one or more data sources comprises a plurality of databases.
11. The remediation system as claimed in claim 8, wherein the processor is configured to determine the lower bound limit and the upper bound limit in the traversal path by: identifying the lower bound limit by traversing from the one or more source code to the target source code and eliminating one or more code commits from the commit-log based on failure of exploit test cases associated with the one or more code commits; and identifying the upper bound limit by traversing from the target source code to the one or more source code and eliminating features of the target source code based on failure of test cases related to the features.
12. The remediation system as claimed in claim 8, wherein the processor is configured to determine criteria by: obtaining one or more exploit test cases associated with the one or more optimal code commits log from the one or more data sources; and determining the criteria based on the one or more exploit test cases, wherein the criteria comprise a criticality value and a code coverage value for the plurality of vulnerabilities of the one or more source code.
13. The remediation system as claimed in claim 8, wherein the processor is configured to generate the one or more security patches by: identifying a weakness pattern between the one or more source code and the target source code based on weakness information of the one or more source code obtained from the one or more data sources; extracting information associated with the weakness pattern from the one or more data sources; and generating the one or more security patches for the one or more optimal code commits log based on the weakness pattern and the corresponding information.
14. The remediation system as claimed in claim 8, wherein the processor is configured to perform: validating the one or more security patches by executing the one or more security patches for the one or more optimal code commits log.
15. A non-transitory computer readable medium including instruction stored thereon that when processed by at least one processor cause a remediation system to perform operation comprising: receiving, by a processor of remediation system, data related to one or more source code associated with a plurality of vulnerabilities and a target source code of an application, from one or more data sources for generating a remediation workflow for the one or more source code; identifying, by the processor of the remediation system, a commit-log comprising a plurality of code commits for the plurality of vulnerabilities of the one or more source code, wherein the identification comprises: extracting, by the processor of the remediation system, one or more features associated with each code commit of the commit-log from the one or more data sources; and extracting, by the processor of the remediation system, one or more test cases for each code commit based on the one or more features and exploit code associated with each code commit from the one or more data sources; generating, by the processor of the remediation system, scripts for a traversal path between the one or more source code to the target source code based on the remediation workflow, by populating the one or more features associated with each code commit with a corresponding test case; determining, by the processor of the remediation system, a lower bound limit and an upper bound limit in the traversal path to identify one or more optimal code commits log from the commit-log based on the extracted one or more test cases; and performing, by the processor of the remediation system, remediation for the one or more source code by generating one or more security patches for the one or more optimal code commits log based on criteria associated with the plurality of vulnerabilities of the one or more source code.
16. The non-transitory computer readable medium as claimed in claim 15, including instruction stored thereon that when processed by at least one processor cause the remediation system to perform operation comprising determining the lower bound limit and the upper bound limit in the traversal path by: identifying, by the processor of the remediation system, the lower bound limit by traversing from the one or more source code to the target source code and eliminating one or more code commits from the commit-log based on failure of exploit test cases associated with the one or more code commits; and identifying, by the processor of the remediation system, the upper bound limit by traversing from the target source code to the one or more source code and eliminating features of the target source code based on failure of test cases related to the features.
17. The non-transitory computer readable medium as claimed in claim 15, including instruction stored thereon that when processed by at least one processor cause the remediation system to perform operation comprising determining the criteria by: obtaining, by the processor of the remediation system, one or more exploit test cases associated with the one or more optimal code commits log from the one or more data sources; and determining, by the processor of the remediation system, the criteria based on the one or more exploit test cases, wherein the criteria comprise a criticality value and a code coverage value for the plurality of vulnerabilities of the one or more source code.
18. The non-transitory computer readable medium as claimed in claim 15, including instruction stored thereon that when processed by at least one processor cause the remediation system to perform operation comprising generating the one or more security patches by: identifying, by the processor of the remediation system, a weakness pattern between the one or more source code and the target source code based on weakness information of the one or more source code obtained from the one or more data sources; extracting, by the processor of the remediation system, information associated with the weakness pattern from the one or more data sources; and generating, by the processor of the remediation system, the one or more security patches for the one or more optimal code commits log based on the weakness pattern and the corresponding information.
May 27, 2025